DETAILED ACTION

1. Claims 1-15 and 17-26 remain for examination. The correspondence filed
12/30/04 cancelled claims 27-30 and amended claims 1, 5-6, and 10-15. 

Response to Arguments 

2. Applicant's arguments filed 12/30/04, with respect to the rejection(s) of claim(s) 1-15
and 17-26 under 35 USC 102(b) in view of Minear have been fully considered and
are persuasive. Therefore, the rejection has been withdrawn. However, upon further
consideration, a new ground(s) of rejection is made in view of Minear and Ioannidis.

Claim Rejections - 35 USC § 103 

3. Claims 1-15 and 17-26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Minear et al. (U.K. Patent Application GB 2317792A), and further in 
view of Ioannidis et al. ("Implementing a Distributed Firewall"; hereinafter "Ioannidis").

Referring to Claims 1 and 6: 

Minear discloses a method comprising: 

determining at a classifying forwarding element if a classification parameter is 
available for Internet Protocol security (IPsec) traffic that indicates a route for the IPsec 
traffic and classifying said traffic if available (col 7, lines 15-30); 

if said classification parameter is not available, and the IPsec traffic is encrypted 
then decrypting traffic in a decrypting forwarding element after said traffic has passed
through said classifying forwarding element (col 4, lines 10-15), and determining the
classification parameter for the IPsec traffic (col 9, lines 20-30); and

forwarding the IPsec traffic based on the classification parameter (col 10, lines 1-10).

Minear does not disclose that the decrypting forwarding element is separate from
the classifying forward element, nor that the classification parameter is provided to the
classifying forward element. However, Ioannidis discloses a distributed firewall system
in which classifying and decrypting/processing are separate elements, and that the
classification parameter is passed to the first classifying element (see Figure 1, and also
page 193, column 1, l"""^ and 3rd paragraphs). It would have been obvious to use a
distributed firewall arrangement, such as that disclosed by Ioannidis, in the invention
disclosed by Minear. The motivation for doing so would be to rectify a number of
drawbacks typical of standard firewalls (enumerated on page 190, 2nd column through
page 191, 1st column).

Referring to Claims 2 and 7: 

Minear and Ioannidis disclose the limitations of Claims 1 and 6 above. Minear
further discloses receiving the IPsec traffic at the classifying forwarding element (col 7,
lines 20-30).

Referring to Claims 3 and 8:

Minear and Ioannidis disclose the limitations of Claims 1 and 6 above. Minear
further discloses the classification parameter includes a security parameter index (SPI) 
associated with the IPsec traffic (col 7, lines 15-25). 

Referring to Claims 4 and 9: 

Minear and Ioannidis disclose the limitations of Claims 1 and 6 above. Minear
further discloses the IPsec traffic includes a data packet (col 7, lines 15-30). 

Referring to Claims 5 and 10: 

Minear and Ioannidis disclose the limitations of Claims 1 and 6 above. Minear
and Ioannidis further disclose receiving at the first classifying forward element other
IPsec traffic included in a traffic stream with the IPsec traffic (Ioannidis, "4.4 Example
Scenario", first two paragraphs), and forwarding the other IPsec traffic included in a
traffic stream with the IPsec traffic based on the provided classification parameter (col 8,
lines 25-30; col 9, lines 5-15).

Referring to Claim 11:

Minear discloses a system comprising: 

a classifying forwarding element configured to communicate with a network, to 
determine a classification parameter that indicates a route for a traffic stream is 
available for a packet included in the traffic stream (col 9, lines 20-30);

a control element in communication with the classifying forward element, the
control element configured to receive information including classification information for 
the traffic stream and cryptographic information for the traffic stream, the control 
element further configured to transmit at least some classification information to the 
classifying forward element and to transmit at least one key based on the cryptographic 
information to a decryption forwarding element (col. 9, line 10 - col. 10, line 8); and 

wherein a decryption forwarding element is configured to receive the packet from 
the classifying forwarding element, and to perform an encryption-related procedure on
the packet if the packet is encrypted and associated with the at least one key (col 4, 
lines 10-15; col 7, lines 15-25). 

Minear does not disclose that the decrypting forwarding element is separate from
the classifying forward element, nor that the classification parameter is provided to the
classifying forward element. However, Ioannidis discloses a distributed firewall system
in which classifying and decrypting/processing are separate elements, and that the
classification parameter is passed to the first classifying element (see Figure 1, and also
page 193, column 1, 2nd and 3rd paragraphs). It would have been obvious to use a
distributed firewall arrangement, such as that disclosed by Ioannidis, in the invention
disclosed by Minear. The motivation for doing so would be to rectify a number of
drawbacks typical of standard firewalls (enumerated on page 190, 2nd column through
page 191, 1st column).

Referring to Claim 12:

Minear and Ioannidis disclose the limitations of Claim 11 above. Ioannidis further
discloses wherein the control element is configured to receive at least some of the
cryptographic information in an Internet Key Exchange (page 191, 2nd column, first
non-bulleted paragraph).

Referring to Claim 13: 

Minear and Ioannidis disclose the limitations of Claim 12 above. Minear further
discloses the second mechanism is also configured to forward the packet to the control 
element if the packet is not associated with a known encryption-related key (col 9, lines 
15-30; col 17, lines 30-40). 

Referring to Claim 14: 

Minear and Ioannidis disclose the limitations of Claim 12 above. Ioannidis further
discloses wherein the decryption forwarding element is included in a plurality of
decrypting forwarding elements, each in communication with at least one server of a
plurality of servers, and wherein the control element includes security information for
each of the plurality of servers (page 191, column 1, 2nd non-bulleted paragraph).



Application/Control Number: 09/774,429 
Art Unit: 2135 



Page 7 



Referring to Claim 15: 

Minear and Ioannidis disclose the limitations of Claim 12 above. Minear and
Ioannidis further disclose wherein the cryptographic information includes an
encryption-related key (Minear: col 7, lines 15-30; Ioannidis: page 193, column 1, 2nd paragraph).

Referring to Claim 17: 

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses a plurality of additional mechanisms, each additional mechanism configured to 
communicate with the classification forwarding device to perform an encryption-related 
procedure on the packet if the packet is encrypted and associated with a known 
encryption-related key (col 7, line 25-col 8, line 15), and, if the classification parameter 
is available, to forward the packet based on the route for the traffic stream (col 8, lines 
25-30). 

Referring to Claim 18:

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the packet includes an Internet Protocol security data packet (col 8, lines 15-30).

Referring to Claim 19:

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the traffic stream includes a plurality of Internet Protocol security data packets 
(col 8, lines 15-30). 

Referring to Claim 20: 

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the first mechanism is also configured to forward the packet to the second 
mechanism if the packet is encrypted (col 9, lines 25-30). 

Referring to Claim 21: 

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the route for the traffic stream includes a route through a network (col 5, lines 
20-30; col 10, lines 1-15). 

Referring to Claim 22: 

Minear and Ioannidis disclose the limitations of Claim 21 above. Minear further
discloses the network includes an Internet (Fig. 1).

Referring to Claim 23:

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the encryption-related procedure includes encrypting the packet (col 21, lines 
1-25). 

Referring to Claim 24: 

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the encryption-related procedure includes decrypting the packet (col 21, lines 
15-25). 

Referring to Claim 25: 

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses another mechanism configured to receive the packet from the second 
mechanism and to forward the packet based on the route to an ultimate destination of 
the packet (col 19, lines 1-10; col 22, lines 20-30). 

Referring to Claim 26: 

Minear and Ioannidis disclose the limitations of Claim 11 above. Minear further
discloses the first mechanism is also configured to route packets included in the traffic
stream based on a load balancing scheme (col 19, lines 5-15; col 22, lines 5-20).

Conclusion

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

M. Blaze, J. Feigenbaum, J. Ioannidis, A. Keromytis. RFC 2704: The KeyNote
Trust-Management System Version 2. © 1999 The Internet Society. 

5. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tom Gyorfi whose telephone number is (571) 272-3849.
The examiner can normally be reached on 8:00am - 4:30pm Monday - Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kim Vu, can be reached on (571) 272-3859. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).